Free Republic

China Likely Outed Soon For (Microsoft) Exchange Hacks
Breaking Defense ^ | @ July 2021 | Brad D. Williams

Posted on 07/06/2021 7:36:36 AM PDT by Alas Babylon!

WASHINGTON: The Biden administration will formally say “in coming weeks” who initiated the widespread Microsoft Exchange server hacks that swept the country earlier this year, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said. China is the leading suspect.

The attribution will be the third in a series of high-profile cyber incidents the administration has had to grapple with since taking office, including SolarWinds and Colonial Pipeline. The administration in April formally attributed SolarWinds, which began and was disclosed last year but the effects of which have spilled over into this year, to the Russian Foreign Intelligence Service (SVR). In May, the FBI said cybercriminal group DarkSide’s ransomware was used in the Colonial Pipeline, although it remains unclear to date whether DarkSide or one of its affiliates conducted the hack.

The attribution is likely to further strain US relations with China, which military and government officials consistently refer to as the US’s “pacing threat.” China is the world’s second largest economy and the US’s second largest trading partner (after the European Union). The US is China’s top trading partner. All of these factors create a much different dynamic than US relations with Russia.

As Breaking Defense readers know, Microsoft in March disclosed the campaign and released out-of-band patches for four zero-day vulnerabilities that were being exploited as part of the wide-ranging cyberespionage campaign. At the time of disclosure, Microsoft attributed the initial campaign with “high confidence” to a previously unknown Chinese group dubbed HAFNIUM. However, soon after disclosure, a range of cyber actors began exploiting the vulnerabilities in unpatched server software, including Chinese, Russian, and criminal threat actors.

Approximately 140,000 US organizations were made vulnerable, Neuberger said during a virtual event hosted by Silverado Policy Accelerator.

The Exchange campaign attribution will also provide hints about the role of the first national cyber director in such incidents. NSA veteran Chris Inglis was confirmed for the position just weeks ago.

The scope and scale of China’s extensive cyberespionage gained greater recognition by the general public while Joe Biden was vice president and continued through the Trump administration. The Chinese conducted multiple high-profile hacks against US targets, including health insurance giant Anthem, financial services company Equifax, and the US government’s Office of Personnel Management. Those three hacks resulted in the loss of Americans’ health, financial, and security clearance data, respectively.

Cyberespionage targeting US intellectual property, to include commercial and industrial information, had led to the “greatest transfer of wealth in history,” then-head of CYBERCOM and NSA Gen. Keith Alexander said in 2012. The Intellectual Property Commission Report, published in May 2013, found that China was stealing $300 billion worth of US IP annually — an amount financially equivalent to all US Asian annual exports at the time of its publication.

Still, as Breaking Defense readers know, the Microsoft Exchange cyberespionage campaign entailed some remarkable events and has left some unanswered questions. Chief among these is how threat actors seemingly knew Microsoft would disclose the campaign in early March and, in response, stepped up hacks in the days before — to include other Chinese groups in addition to HAFNIUM.

The government’s response entailed an unprecedented — at least to public knowledge — action by the FBI, in which the law enforcement organization obtained a court’s permission to proactively breach networks and patch vulnerable Exchange servers of private entities without providing those entities with advance notice. The legal ramifications could be significant for how the government responds to future cyber incidents.

Now the administration must weigh how to respond to the campaign. Details of what counteractions the administration is considering are sparse at the moment. Here’s what can be safely assumed: Should the president decide the US response merits some cyber element, CYBERCOM would lead such an operation, with assistance from the NSA.


TOPICS: Crime/Corruption; Foreign Affairs; News/Current Events
KEYWORDS: china; hackers; microsoftexchange
Well, well, well...

Looks like it's not just the Russians after all. Now what's the senile father of a Red Chinese bagman supposed to do?

1 posted on 07/06/2021 7:36:36 AM PDT by Alas Babylon!

To: Alas Babylon!

So? What are the eunuchs running this country going to do about it? Nothing! What will the media report to the tragically stupid public? Nothing!

China owns us, and will do as they please. Get used to it.


2 posted on 07/06/2021 7:39:40 AM PDT by brownsfan (Term limits! Without term limits, we are doomed.)

To: Alas Babylon!

There has been a flaw in MS Exchange security for close to 10 years.


3 posted on 07/06/2021 7:45:29 AM PDT by Zathras

To: Zathras

been a flaw in MS//

It’s not a bug
It’s a feature

Remember it’s
“vaccines can reduce overpopulation” Bill.


4 posted on 07/06/2021 7:54:25 AM PDT by cuz1961 (USCGR Veteran )

To: Zathras

Oh, longer than that. I’m even sure there are yet thousands of flaws in a lot of software and systems today. Buffer overruns, for example, are all too common and can be exploited.

I’ve been an Exchange admin since 5.0... Circa 1996/7...

Doesn’t mean I want the ChiComs to exploit us. Yes, software companies have an obligation to ensure their systems are secure, and timely notification of insecurities when discovered, but all IT pros need to provide better than out-of-the-box security to their systems.

Most of the successful hacks of systems have been, and continue to be, poor security practices.


5 posted on 07/06/2021 9:46:31 AM PDT by Alas Babylon! ("You, the American people, are my only special interest." --President Donald J. Trump)

To: cuz1961

The Left puts politics into EVERYTHING. I hate it.

They’ve ruined sports and technology with all their wokeness.

But let’s not encourage it or be that guy.

Gates is an elitist Leftist, but the whole company makes products that he has no design or operations decisions in at all, since he gave up his CEO role more than a decade ago and is now just a leech off all of his stocks. Gates’ vaccination pushing doesn’t have a bearing here.

But Microsoft IS one of the top woke companies, and it does really piss me off.


6 posted on 07/06/2021 9:54:05 AM PDT by Alas Babylon! ("You, the American people, are my only special interest." --President Donald J. Trump)
